﻿
<#
$thumprint_ygo="‎8F87CF6166947DA3DD3DAA74FA8C1A74B20985F0"

try
{
    $secureString = 'This is my password.  There are many like it, but this one is mine.' | 
                    ConvertTo-SecureString -AsPlainText -Force

    # Generate our new 32-byte AES key.  I don't recommend using Get-Random for this; the System.Security.Cryptography namespace
    # offers a much more secure random number generator.

    $key = New-Object byte[](32)
    $rng = [System.Security.Cryptography.RNGCryptoServiceProvider]::Create()

    $rng.GetBytes($key)

    $encryptedString = ConvertFrom-SecureString -SecureString $secureString -Key $key

    # This is the thumbprint of a certificate on my test system where I have the private key installed.

    $thumbprint = 'B210C54BF75E201BA77A55A0A023B3AE12CD26FA'
    $cert = Get-Item -Path Cert:\CurrentUser\My\$thumbprint -ErrorAction Stop

    $encryptedKey = $cert.PublicKey.Key.Encrypt($key, $true)

    $object = New-Object psobject -Property @{
        Key = $encryptedKey
        Payload = $encryptedString
    }

    $object | Export-Clixml .\encryptionTest.xml

}
finally
{
    if ($null -ne $key) { [array]::Clear($key, 0, $key.Length) }
}
#>


Function New-KeyFile
{
    [cmdletbinding(DefaultParameterSetName="none")]
    Param( 
        [Parameter(Mandatory=$true,ValueFromPipeline=$false)]
        [ValidateScript({Test-Path $_ -PathType Container})] 
        [String] 
        $Path,

        [Parameter(Mandatory=$true,ValueFromPipeline=$false)]
        [String] 
        $KeyfileName
    )
    Process
    {
        $Key = New-Object Byte[] 32   # You can use 16, 24, or 32 for AES
        [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)

        $KeyFile = Join-Path -Path $Path -ChildPath $KeyfileName

        $Key | out-file $KeyFile
    }
}


Function Get-EncryptedPassword
{
    [cmdletbinding(DefaultParameterSetName="none")]
    Param( 
        [Parameter(Mandatory=$true,ValueFromPipeline=$false)]
        [ValidateScript({Test-Path $_ -PathType Leaf})] 
        [String] 
        $KeyFilePath
    )
    Process
    {

        $key = Get-Content -Path $KeyFilePath

        $password = Read-Host -AsSecureString -Prompt "Please, enter the password for encryption"

        $encryptedPassword = ConvertFrom-SecureString -SecureString $password -Key $key

        $encryptedPassword
    }
}


Function Get-UserCredential
{
    [cmdletbinding(DefaultParameterSetName="none")]
    Param( 
        [Parameter(ParameterSetName="EncryptedPassword", Mandatory=$true)] 
        [ValidateScript({Test-Path $_ -PathType Leaf})] 
        [String] 
        $KeyFilePath,

        [Parameter(Mandatory=$true,ValueFromPipeline=$false)]
        [String] 
        $UserName,

        [Parameter(ParameterSetName="EncryptedPassword", Mandatory=$true)] 
        [String] 
        $EncryptedPassword,

        [Parameter(ParameterSetName="ClearPassword", Mandatory=$true)] 
        [String] 
        $ClearPassword

    )
    Process
    {

        if ($PSCmdlet.ParameterSetName -eq 'EncryptedPassword')
        {

            $key = Get-Content -Path $KeyFilePath

            $userCredential = New-Object -TypeName System.Management.Automation.PSCredential `
                              -ArgumentList $UserName, ($EncryptedPassword | ConvertTo-SecureString -Key $key)

        }
        else
        {
            $userCredential = New-Object -TypeName System.Management.Automation.PSCredential `
                              -ArgumentList $UserName, ($ClearPassword | ConvertTo-SecureString -AsPlainText -Force)

        }
        
        #return the user Credential
        $userCredential

    }
}



Function Export-ACL
{
    [cmdletbinding(DefaultParameterSetName="none")]
    Param( 
        [Parameter(ParameterSetName="EncryptedPassword", Mandatory=$true)] 
        [ValidateScript({Test-Path $_ -PathType Any})] 
        [String] 
        $Path
        )
    Process
    {
        $Acl = Get-acl -Path $Path

        $Acl.Access | ForEach-Object {

            $exportedPermissions = New-Object PSObject 

            $exportedPermissions | Add-Member -MemberType NoteProperty -Name Path -Value $Path
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name Owner -Value $acl.Owner
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name Group -Value $acl.Group
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name IdentityReference -Value $_.IdentityReference
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name FileSystemRights -Value $_.FileSystemRights
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name AccessControlType -Value $_.AccessControlType
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name IsInherited -Value $_.IsInherited
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name InheritanceFlags -Value $_.InheritanceFlags
            $exportedPermissions | Add-Member -MemberType NoteProperty -Name PropagationFlags -Value $_.PropagationFlags

            $exportedPermissions
        }

    }
}




Function Get-SharedPermissions
{
    [cmdletbinding()]
    param(
        [Parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
        $Computer = '.'
    ) 
    Process
    {

        Import-Module Microsoft.PowerShell.Security 

        $shares = gwmi -Class win32_share -ComputerName $computer

        $friendlyComputer = $Computer
        if ($friendlyComputer -eq '.')
        {
            $friendlyComputer = $env:COMPUTERNAME
        }
 
        foreach ($share in $shares) { 
            
            Write-Host $share.Name -ForegroundColor Green 
            Write-Host $('-' * $($share.Name.Length)) -ForegroundColor Green
     
            $objShareSec = Get-WMIObject -Class Win32_LogicalShareSecuritySetting -Filter "name='$($Share.Name)'"  -ComputerName $computer
            try { 
                $SD = $objShareSec.GetSecurityDescriptor().Descriptor   
                foreach($ace in $SD.DACL){  
                    $UserName = $ace.Trustee.Name     
                    If ($ace.Trustee.Domain -ne $Null) {$UserName = "$($ace.Trustee.Domain)\$UserName"}   
                    If ($ace.Trustee.Name -eq $Null) {$UserName = $ace.Trustee.SIDString }     
                    [Array]$ACL += New-Object Security.AccessControl.FileSystemAccessRule($UserName, $ace.AccessMask, $ace.AceType) 
                    } #end foreach ACE           
                } # end try 
            catch 
                { Write-Host "Unable to obtain permissions for $share" } 
            #$ACL

            $ACL | ForEach-Object {
                $ServerSharedPermissions = New-Object PSObject 

                $ServerSharedPermissions | Add-Member -MemberType NoteProperty -Name Computer -Value $friendlyComputer
                $ServerSharedPermissions | Add-Member -MemberType NoteProperty -Name Shared -Value $Share.Name
                $ServerSharedPermissions | Add-Member -MemberType NoteProperty -Name Path -Value $Share.Path
                $ServerSharedPermissions | Add-Member -MemberType NoteProperty -Name Description -Value $Share.Description
                $ServerSharedPermissions | Add-Member -MemberType NoteProperty -Name IdentityReference -Value $_.IdentityReference
                $ServerSharedPermissions | Add-Member -MemberType NoteProperty -Name FileSystemRights -Value $_.FileSystemRights
                $ServerSharedPermissions | Add-Member -MemberType NoteProperty -Name AccessControlType -Value $_.AccessControlType

                $ServerSharedPermissions
            }

     
        Write-Host $('=' * 50) 
        } # end foreach $share
    }
}




